diff options
| author | plegall <plg@piwigo.org> | 2011-10-04 12:48:02 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2011-10-04 12:48:02 +0000 |
| commit | 72163bef70c925e4350a4ae92e1383215809d668 (patch) | |
| tree | e4a6078dc822f58be9c225db12921ed77c2df69c /plugins/language_switch/language_switch.inc.php | |
| parent | c1dd676c5c0a382d979d8e44642d904b966d6e8a (diff) | |
bug 2430 fixed: prevents from cross site scripting, the URL is cleanly rewritten
git-svn-id: http://piwigo.org/svn/trunk@12342 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | plugins/language_switch/language_switch.inc.php | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/plugins/language_switch/language_switch.inc.php b/plugins/language_switch/language_switch.inc.php index a1d85a4ca..730705f59 100644 --- a/plugins/language_switch/language_switch.inc.php +++ b/plugins/language_switch/language_switch.inc.php @@ -100,15 +100,11 @@ UPDATE '.USER_INFOS_TABLE.' } $url_starting = get_query_string_diff(array('lang')); - + foreach ($available_lang as $code => $displayname) { - $qlc = array ( - 'url' => str_replace( - array('=&','?&'), - array('&','?'), - add_url_params($url_starting, array('lang'=> $code)) - ), + $qlc = array ( + 'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)), 'alt' => ucwords($displayname), 'title' => substr($displayname, 0, -4), // remove [FR] or [RU] 'img' => get_root_url().'language/'.$code.'/'.$code.'.jpg', @@ -149,4 +145,4 @@ if (!function_exists('Componant_exists')) } } -?>
\ No newline at end of file +?> |